CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Positive Technologies•added 2026/06/12 12:0 a.m.•12 views

PT-2026-48972

A mass assignment vulnerability exists in MISP’s sharing group creation endpoint. When creating a new sharing group, the controller did not remove a user-supplied id field before saving the submitted data. In CakePHP, supplying a primary key in the save data can cause a create followed by save...

8.4CVSS5.3AI score0.00226EPSS

RedhatCVE•added 2026/06/05 7:36 p.m.•11 views

CVE-2026-23752

GFI HelpDesk before 4.99.9 contains a stored cross-site scripting vulnerability in the template group creation and editing functionality that allows authenticated administrators to inject arbitrary JavaScript by manipulating the companyname POST parameter without HTML sanitization. Attackers can...

4.8CVSS5.5AI score0.00151EPSS

RedhatCVE•added 2026/06/05 7:23 p.m.•7 views

CVE-2026-35034

Jellyfin is an open source self hosted media server. Versions prior to 10.11.7 contain a denial of service vulnerability in the SyncPlay group creation endpoint POST /SyncPlay/New, where an authenticated user can create groups with names of unlimited size due to insufficient input validation. By...

6.5CVSS5.5AI score0.0026EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Zabbix

A authenticated user can create a hosts group using the configuration with XSS payload, which will be available to other users. When XSS is stored by an authenticated malicious actor, and other users attempt to search for groups during the creation of new hosts, the XSS payload will activate,...

6.3CVSS6.2AI score0.01035EPSS

AstraLinux•added 2026/05/03 11:59 p.m.•6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF Use After Free issues during group creation. This commit addresses the issue where a malicious user space could potentially alter the handle of a group and attempt to call the GROUPDESTROY ioctl...

5.3AI score0.00181EPSS

EUVD•added 2026/04/20 6:31 p.m.•5 views

EUVD-2026-23926

4.8CVSS5.8AI score0.00151EPSS

Exploits0References3

Positive Technologies•added 2026/04/20 12:0 a.m.•7 views

PT-2026-33820

4.8CVSS5.8AI score0.00151EPSS

Exploits0References5

EUVD•added 2026/04/14 10:31 p.m.•2 views

EUVD-2026-22770

6.5CVSS5.9AI score0.0026EPSS

CNNVD•added 2026/04/14 12:0 a.m.•4 views

Jellyfin 资源管理错误漏洞

Jellyfin is an open-source free software media system developed by Jellyfin. It allows you to control the management and streaming of media. It serves as a replacement for proprietary products like Emby and Plex, enabling the delivery of media from dedicated servers to end-user devices through...

6.5CVSS5.8AI score0.0026EPSS

NVD•added 2026/04/07 6:16 p.m.•1 views

CVE-2026-35575

ChurchCRM is an open-source church management system. Prior to 6.5.3, a Stored Cross-Site Scripting Stored XSS vulnerability in the admin panel’s group-creation feature allows any user with group-creation privileges to inject malicious JavaScript that executes automatically when an administrator...

8CVSS0.00243EPSS

EUVD•added 2026/04/07 5:8 p.m.•1 views

EUVD-2026-19773

ATTACKERKB•added 2026/04/07 5:8 p.m.•3 views

CVE-2026-35575

Exploits0References2Affected Software1

CVE•added 2026/04/07 5:8 p.m.•9 views

CVE-2026-35575

ChurchCRM (open-source church management) has a Stored XSS in the admin panel’s group-creation feature, prior to version 6.5.3. The vulnerability allows any user with group-creation privileges to inject malicious JavaScript that executes when an administrator views the page, enabling theft of the...

Exploits0References1Affected Software1

Cvelist•added 2026/04/07 5:8 p.m.•17 views

CVE-2026-35575 ChurchCRM has Stored XSS in Group Name

8CVSS0.00243EPSS

CNNVD•added 2026/04/07 12:0 a.m.•5 views

ChurchCRM 安全漏洞

ChurchCRM is an open-source CRM system developed for churches. Versions of ChurchCRM prior to 6.5.3 contained security vulnerabilities. These vulnerabilities stemmed from a cross-site scripting vulnerability in the group creation feature of the administration panel. This vulnerability could allow...

8CVSS5.7AI score0.00243EPSS

Positive Technologies•added 2026/04/07 12:0 a.m.•2 views

PT-2026-30941

OSV•added 2026/02/18 10:7 p.m.•4 views

GHSA-93FX-G747-695X LibreNMS /port-groups name Stored Cross-Site Scripting

Summary /port-groups name Stored Cross-Site Scripting - HTTP POST - Request-URIs: "/port-groups" - Vulnerable parameters: "name" - Attacker must be authenticated with "admin" privileges. - When a user adds a port group, an HTTP POST request is sent to the Request-URI "/port-groups". The name of t...

5.1CVSS5.5AI score0.00216EPSS

Exploits1References6

OSV•added 2026/02/18 4:22 p.m.•4 views

AZL-77951 CVE-2025-71233 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Avoid creating sub-groups asynchronously The asynchronous creation of sub-groups by a delayed work could lead to a NULL pointer dereference when the driver directory is removed before the work completes. The crash...

5.5CVSS5.6AI score0.00118EPSS